In the first part of this series, we discussed the steps you need to follow in order to download, install, and get the Net-SNMP tool running.

In this part, we will focus on the configuration aspect, explaining how you can configure the Net-SNMP agent, as well as set up authentication and encryption for the messages transmitted between it and the client.

Configuring the Net-SNMP Agent – snmpd

Assuming that the Net-SNMP package is installed on your system and is up and running, run the following snmpwalk command:

Notice that this output contains the values of system-specific variables under the “.iso.org.dod.internet.mgmt.mib-2.system” MIB tree.

Now, suppose you want to change information such as “sysLocation” and “sysContact”. You can do this by editing the corresponding values in /etc/snmp/snmpd.conf, the file used to configure the Net-SNMP agent (“snmpd”).

As you can see in the screenshot above, the file contains many entries, some of which are deliberately commented out and need to be explicitly activated. In this file, I changed the value of the “sysLocation” parameter from “Sitting on the Dock of the Bay” to “Datacenter, Row 2, Rack 1.”

For the change to come into effect, just restart the Net-SNMP daemon with the following command:

So, as you can see, the value of the “sysLocation” parameter was successfully changed. Similarly, you can tweak the values of other parameters present in this file, as well as add parameters which aren’t already there.

Note: You can also use Net-SNMP’s snmpconf utility for creating and modifying SNMP configuration files. To learn more about the command, read its man page.

Set Up Authentication and Encryption

The Net-SNMP client utilities (snmpget, snmpwalk, and others), as well as the daemon (snmpd), support all three versions of the SNMP protocol: v1, v2c, and v3. While the first two support only authentication, v3 also supports encryption. So, in this section, we will discuss how to set up SNMPv3.

As a first step, stop the snmpd daemon service using the following command:

/etc/init.d/snmpd stop

Then open the /var/lib/snmp/snmpd.conf file and add the following line at the bottom:

The createUser command creates an SNMPv3-specific user for the purpose of authentication and encryption of SNMPv3 messages.

In the command above, replace “AUTHENTICATION-PASSWORD” and “ENCRYPTION-PASSWORD” with actual passwords that you want to keep. Also, it’s worth noting that if you do not mention “ENCRYPTION-PASSWORD” at all, Net-SNMP will use “AUTHENTICATION-PASSWORD” as the “ENCRYPTION-PASSWORD”.

Now, open /etc/snmp/snmpd.conf and add the following line at the bottom:

rouser USERNAME priv

This line makes sure that the user we created earlier has read-only permissions and can only be used with AuthPriv, a Net-SNMP mode in which communication is both authenticated and private (encrypted). If you want the user to have write permissions as well, use rwuser instead of rouser.

Now, start the Net-SNMP daemon service again using the following command:

If SNMPv3 is set up successfully, the output should be the same as the one listed at the beginning of this article.

Notes:

1. Make sure to replace [AUTHENTICATION-PASSWORD], [ENCRYPTION-PASSWORD], and [USERNAME] with appropriate values.

2. SHA authentication and DES/AES encryption support is only available if you have OpenSSL installed or if you’ve compiled using --with-openssl=internal.
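A way to check the two configuration files before restarting snmpd, as an added example that is not part of the original article or of Net-SNMP: the hypothetical helper `audit_snmpd_conf` flags v1/v2c community access, users not held to `priv`, unreplaced placeholders, and a `createUser` line with no encryption password. The sample configuration is constructed, and the `createUser`/`rouser` argument order is assumed to be the one documented in snmpd.conf(5).

```python
import shlex
PLACEHOLDERS = {"USERNAME", "AUTHENTICATION-PASSWORD", "ENCRYPTION-PASSWORD"}
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec"}

SAMPLE = """\
# constructed sample configuration, not taken from a real host
rocommunity public
createUser monitor SHA AUTHENTICATION-PASSWORD AES
rouser monitor
createUser ops MD5 "long auth phrase" DES "long priv phrase"
rwuser ops priv
createUser good SHA "auth phrase 1" AES "priv phrase 2"
rouser good priv
"""

def audit_snmpd_conf(text):
    """Return (line_number, message) findings for the text of an snmpd.conf file."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tok = shlex.split(line)          # keeps quoted passphrases as one token
        except ValueError:                   # unbalanced quote: plain whitespace split
            tok = line.split()
        d, args = tok[0].lower(), tok[1:]
        if PLACEHOLDERS & {a.strip("[]") for a in args}:
            out.append((n, "tutorial placeholder was not replaced"))
        if d in COMMUNITY:
            out.append((n, d + ": SNMPv1/v2c community access, traffic is not encrypted"))
        elif d in ("rouser", "rwuser"):
            args = args[2:] if args[:1] == ["-s"] else args   # optional security model
            level = args[1] if len(args) > 1 else "auth"      # omitted level means auth
            if level != "priv":
                out.append((n, d + ": level '" + level + "' does not require encryption"))
            if d == "rwuser":
                out.append((n, "rwuser grants write access; rouser is read-only"))
        elif d == "createuser":
            args = args[2:] if args[:1] == ["-e"] else args   # optional engine ID
            if len(args) > 1 and args[1].upper() == "MD5":
                out.append((n, "createUser: MD5 authentication, prefer SHA"))
            if len(args) > 3 and args[3].upper() == "DES":
                out.append((n, "createUser: DES encryption, prefer AES"))
            if len(args) < 5:
                out.append((n, "createUser: no encryption password, auth password is reused"))
    return out
if __name__ == "__main__":
    for n, msg in audit_snmpd_conf(SAMPLE):
        print(f"line {n}: {msg}")
```

Run it against the text of both /etc/snmp/snmpd.conf and /var/lib/snmp/snmpd.conf; an empty result means none of these weak settings were found.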

Conclusion

Net-SNMP provides a lot of configuration options, and what we’ve discussed here are just the basics, although it should be enough to get you started. For more information, go through the man page of snmpd.conf.